In the wake of non-stop news about identity theft, malware, ransomware, and all manner of information security catastrophes, Americans have educated themselves and are fully leveraging today’s powerful technologies to keep themselves safe… not.

While 67% told Morar Consulting they “would like extra layers of privacy,” far fewer use the technological tools now available to them. That’s the top-line finding of a brand-new survey of 2,000 consumers by Morar on behalf of the worldwide VPN provider “Hide My Ass!”

A key related finding: 63% of survey respondents have encountered online security issues. But, among the folks who’ve been bitten, just 56% have permanently changed their online behavior afterwards. (If you don’t learn the “hard way,” when do you learn?)

According to Morar, there’s still an odd disconnect between the way some people protect themselves offline and what they’re willing to do on the web. 51% of respondents would publicly post their email addresses, 26% their home addresses, and 21% their personal phone numbers.

But the results aren’t all negative. 69% of respondents say they “consciously limit” how much personal information they share online and on social media.

55% have defended their privacy by asking someone else to delete a post or untag an image. (And, in a finding that’ll make marketers shudder, 60% say they’ve deliberately provided inaccurate personal information on social media to protect themselves.)

Like the great content marketers they are, Morar and Hide My Ass! have spiced up their survey with a nifty set of “personas.” In just 7 questions, you can discover whether your web security profile is more “Cautious Contributor,” “Social Savvy Butterfly,” or “Online Nudist”… more Kim Kardashian, Taylor Swift, or Leonardo DiCaprio.

About the author

14 comments on “Americans want to be safer online – but not if they have to do anything”

I give classes in computer security for non techs in the US. Once bitten, most users become much more aware of security. A portion(?) of users of all ages reveal too much personal information, so both young and old. I spoke to someone yesterday in his 60’s who does not post any personal information on FB and chided his niece in her 20’s about doing it. One of problems at least here is the US is that if you use your real name and an approximate geo location, there is enough public information available to find out just about everything about you. Voter registration information in the US is considered public, though some states and locales have it on the deep web, it contains DOB, address, tel#, political affiliation, and when you voted. Public real tax information is often hidden but publicly available,

Use of antivirus is not consistent from my observation. Users either don’t renew or don’t update. I’ve been pushing Sophos Home over AVG and Avast because there does not appear to be a nag screen. The problem is that many users don’t understand how to turn off or uninstall other AV products, particularly Defender.

I also find that users either click on infected attachments or links without thinking; I try to emphasize the dangers of doing this, but I often feel that they don’t get it. I tell them to preview the link in the status bar. But a lot of users panic when they see a pop-up telling them there computer is infected (it’s hard to believe that people still fall for that).

Most older users do not like 2FA, I’m not sure about young people. They don’t understand why something has to get sent to your phone to login. 2FA is hardly universal in the US.

That’s why I’ve been telling users about it, no hassles. Is there a firewall in Sophos Home? I couldn’t find one, but I may have missed it. I use a hardware firewall so this is only for when I tell people about it.

As a part of my retirement benefits here in the US, I am a member of a private medical benefits “exchange” called OneExchange. I buy supplemental medical insurance from them and they administer my Health Savings Account. Yesterday I received an email. The subject described a message from OneExchange. The sender was in the Payflex.com domain. And the email message was presented from Voltage. That terse message which contained no personal information, not even my name, told me to open the attached, encrypted file (a cryptically-named HTML file) for an important message.

Now this should set off alarms among every Naked Security reader. But the kind folks at OneExchange thought that assuring me that the message was from them was sufficient; that there was no reason for them to change their practices. They couldn’t understand that they were training their users to accept unsafe behavior.

“Americans want to be safer online – but not if they have to do anything”
That’s the equivalent of saying “Brits have due to inbreeding” Which I expect isn’t true.
Just lumping billions of people into a category to make a ridicules eye catching headline is something punks do, not journalist.

The problem is (as far as i can tell) the title is accurate. even people i know that are in IT still feel like they should have to do anything to stay protected. they think there should be some magic software or hardware that will protect against all threats.

“Americans want to be safer online – but not if they have to do anything”
And that’s exactly why things are so problematic. Some people want someone else to do everything for them instead of taking responsibility for their own security. Rather than educate themselves, they would prefer to fall faintingly to the divan with the back of their hand against their forehead as if education was an exhaustively draining exercise when tasked with learning something new.
The MOST important aspect of security isn’t a piece of software. It’s an educated user who takes responsibility for what they do and where they go on the Internet. No amount of programming precaution can equal the effectiveness of someone who actually takes a conscious role in their own cyber security.

@jonathanpdx Woah! While I agree in principle, I would suggest to take a step away from the mirror and look around you. Not everybody gets paid on a daily basis to keep up with the ever faster changing world of black hat hacking, organized computer crime, surveillance, insecurely built online services, and equally evolving counter measures, nor even the constant updates of hardware, software, and operating systems (with most of them not being security updates but profit driven changes which usually reduce security), not to mention insecure devices, services, and procedures forced on many people by their governments. Also, as we get old, we lose our faculties and have other things to deal with (like health issues) and a lot of things to learn which have nothing to do with communication technology which simply – should – work (and safely, at that!).

After the Wall Street Crooks killed my IT career, I kept up with security on my home computer and the PCs of friends for many years. Installing AV packages, FireFox (at least back then safer than the alternatives), TSR controllers, and application firewalls, and I practiced and counseled safer online behavior. But once rootkits and injection of malicious code in PDF and JPEG files distributed through the now ubiquitous cross-site scripting came along, I reached the end of my rope; worse when I transitioned to GNU Linux where practically no security software exists for non-server installations, the community resting on the laurels of an originally safer system architecture and the obscurity fantasy which Mac owners also once enjoyed. I have to earn my living with non-IT work now, and I am getting older. I DO need solutions made by others and really CAN use expert advice from others now.

I know and understand the frustration one feels when dealing with unbelievably naive and trusting people, but blaming them is no solution. Perhaps, rather than scoffing at people who are not using F2A or VPNs, it would be better to educate them about what these newfangled things are and how they can use them. The cost which may be involved with some of these (is there a trustworthy free VPN anybody can use?), could also deter many who are not lucky to have a well paying job, a business where others work for them, or a comfortable retirement. So, if you are not yet approaching decrepitude and have a well paying job in IT security or your own IT company, maybe do this: Smile, count your great blessings, and help those who are not so lucky… while you still can. It’s what I would do.

The problem I have with this type of survey is how they interoperate the answers, for example if I get asked “Have you significantly altered your online habits in the last year due to security issues” I would honestly answer “No” and therefore get lumped into the ‘too lazy to change’ group, however in reality my answer is because I’m a professional computer security consultant, and have been for many years, I am well aware of the issues, and have been putting security first for a very long time, hence my habits not changing, they are already as good as I can manage.